0 votes

Hello,

We are currently evaluating Adaxes for our own consulting company and for our customers too.

Our setup include AD On Prem with Azure AD Connect which sync new identities to Azure AD on a schedule.

When we create or update a new account with Adaxes we can rely on Azure AD support but that's kinda partial for what I see.

The best option would be to trigger the Azure AD sync command when we save, to have a more complete scenario.

We followed the related documenation to add a custom action for that purpose, but we end with a priviledge issue.

What is the proper way to have out Adaxes service account allowed to start the sync? This part is not in the documentation we found.

Thanks a lot

by (240 points)
0

Hello,

We followed the related documenation to add a custom action for that purpose

Could you, please, provide all the possible details regarding the workflow you have configured? Please, post here or send us (support@adaxes.com) screenshots.

we end with a priviledge issue.

What exactly do you mean? Do you face any error messages? If so, please, post here or send us screenshots.

0

Hello

Sorry, I forgot to close this topic.

Issue I got was not permission related but context related. We had to import the PowerShell Module before running the delta sync.

This is our final configuration:

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
Start-ADSyncSyncCycle -PolicyType Delta

1 Answer

0 votes
by (270k points)

Hello,

Thank you for the confirmation. You can also use the below script where the $dirsyncServer variable specifies the fully qualified domain name of the server that hosts the AAD Connect tool.

$dirsyncServer = "dirsync.domain.com" # TODO: modify me

Invoke-Command -ComputerName $dirsyncServer -ErrorAction Stop -ScriptBlock {
    Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"

    Start-ADSyncSyncCycle -PolicyType Delta
}

Related questions

0 votes
1 answer

Hello Forum, in our Adaxes environment we have a lot of security roles (one Security Role per Department). This allows the management of the Department to modify their Users / ... copy it to my newly created Role in powershell? Thanks a lot for your help.

asked Apr 30, 2015 by esoAdxAdmin (650 points)
0 votes
1 answer

Hi there, We would like to manage some specific child object, for example msFVE-RecoveryInformation object which is a child of the computer object and contain the bitlocker ... ActiveSync objects to, which are child of user objects. Thanks in advance Stephen

asked Aug 5, 2011 by sroux (800 points)
0 votes
1 answer

What specific permission is needed in a security role to grant access to enable a user account?

asked Dec 7, 2023 by mightycabal (1.0k points)
0 votes
0 answers

Hello, We create home folders using custom command: Service account to perform operations within the domain has: a) domain admin rights b) server admin rights On the ... user as the directory owner, however the user was granted the Take Ownership permission.

asked Mar 15, 2023 by juhota (210 points)
0 votes
1 answer

I know the question is related to an older version, but where do I find the "Thumbnail Photo Part" in Permissions? The task is: A department should be able to change the Userpicture, nothing else. Thanks

asked Nov 24, 2022 by boris (450 points)
3,326 questions
3,026 answers
7,727 comments
544,678 users